In contrast, if your randomization depends on just relinking things a bit differently, you don't really give out any of the random information in /proc/iomem. Nor does it affect the load address and the e820 memory map.

And, in fact, it does give you way more bits of randomness to play around with the text addresses.

With something like function-sections, it should be possible to do quite a serious job of relinking (and then keep some "function section to actual relinked address" mapping around so that you can do the /proc/kallsyms mappings).

But that's actually the "fancy" model. I don't think we should aim at that to begin with. Start off with something much less ambitious, like just shifting the kernel by a few pages. People have argued that even just a 50% chance of an oops is preferable to nothing. So we can start small and stupid.